68d28238de387e38bfa4fb0724323f6c6d85e5893809936d9e4eca3c52a1ff6d | Triage

Analysis

max time kernel
140s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 04:37

Sharing

Report Analysis Logs

General

Target

a0f6a0e82b40ac5bf66ef6209e109b1d.dll
Size

53KB
MD5

a0f6a0e82b40ac5bf66ef6209e109b1d
SHA1

ea188c66ff614de5118c7e1b01e6f67122c46533
SHA256

68d28238de387e38bfa4fb0724323f6c6d85e5893809936d9e4eca3c52a1ff6d
SHA512

38382ab3610505be4d82df2deec028d1b89e238a93712f83e28b28622cff236fd9b4e80a182935fc8b49b8a97a3bf3e49daa339fd751526c3646c4fadd151550
SSDEEP

1536:BXg6hRvdqfpFjHfvQMwgnlJXZAThScIn+:B/hRc/jHfv0gFYhH

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2164	5024	WerFault.exe	85

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 5024	4208	rundll32.exe	85
PID 4208 wrote to memory of 5024	4208	rundll32.exe	85
PID 4208 wrote to memory of 5024	4208	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0f6a0e82b40ac5bf66ef6209e109b1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0f6a0e82b40ac5bf66ef6209e109b1d.dll,#1
  2⤵
  PID:5024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 544
    3⤵
    - Program crash
    PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 5024 -ip 5024
1⤵
PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5024-0-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download